Open-Xchange: Pre-auth Denial-of-Service in Dovecot RPA implementation
Hi, Dovecot security team. I am Orange from DEVCORE security team. We just did a little security audit on the authentication mechanism of Dovecot, and found a buffer over-read in RPA implementation. In the mech-rpa.c, the function rpareadbuffer doesn't check that the length could be zero, and pas...